Spring MVC + KC adapter + SCOPE

nachoge · January 28, 2022, 9:04pm

Hi,

I’ve configured Spring MVC + KC adapter

It’s working ok if using roles but not if using scopes…

there’s a scope called ‘read’ which exists (when authorizing with swagger 3) for the required scope return a bearer but fails in

@PreAuthorize("hasAuthority('SCOPE_profile')")
    @RequestMapping(value="/secured/scope_read", produces = "application/json", method = RequestMethod.GET) 
    public EndpointInfo test(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        return new EndpointInfo(true);
    }

this is authorized and working using a role called ‘role_read’

@PreAuthorize("hasAuthority('role_read')")
    @RequestMapping(value="/secured/role_read", produces = "application/json", method = RequestMethod.GET) 
    public EndpointInfo role_read(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        return new EndpointInfo(true);
    }

Any help would be aprecited

using 16.1.0 of both KC and KC adapter in tomcat 9

Thanks

Topic		Replies	Views
Spring security adapter roles Securing applications	10	7138	November 3, 2020
Permissions, Policy and Scopes authentication	1	1057	September 18, 2020
How to get SpringBoot adapter not to look at the bearer token for roles? Securing applications	2	1312	August 23, 2021
Spring boot + Keycloak + Permission based on authorization scope + Spring security	2	1789	October 31, 2023
Keycloak policy-enforcer, strange behaviour scope based policy Getting advice	3	1172	March 23, 2021

Spring MVC + KC adapter + SCOPE

Related Topics